From Iran to Ukraine Everyone Is Trying to Hack Security Cameras

Militaries around the world have discovered a clever and inexpensive way to gather intelligence during conflicts by taking over everyday security cameras connected to the internet. These consumer devices, often installed in homes, streets, or businesses, offer clear, ground-level views that satellites or drones sometimes cannot match. Researchers at Check Point, a cybersecurity firm based in Tel Aviv, recently uncovered hundreds of attempts to compromise cameras across the Middle East, many coinciding precisely with Iran’s missile and drone strikes on locations in Israel, Qatar, and Cyprus. The efforts focused on popular brands like Hikvision and Dahua, exploiting known vulnerabilities that manufacturers had patched years earlier, some as far back as 2017. Owners rarely update their devices, leaving them exposed and turning them into unwitting tools for reconnaissance, strike planning, and damage assessment.

This tactic has gained traction because it delivers high-value results with minimal effort and cost. Sergey Shykevich, who leads threat research at Check Point, explains that hacking cameras has become a standard part of military operations since it provides direct visibility without relying on expensive assets like satellites, and often with superior resolution. In the recent Middle East activity, attackers used straightforward methods such as improper authentication and command injection flaws to seize control. Check Point blocked dozens of these attempts in countries including Bahrain, Kuwait, Lebanon, and the United Arab Emirates, while spotting hundreds more in Israel through protected networks. The pattern suggests state-linked groups, previously tied to Iranian intelligence, were scanning for cameras in areas hit by physical attacks to support ongoing military actions.

The practice is far from new and has appeared prominently in other conflicts. In Ukraine, Russian forces have hacked consumer cameras for years to pinpoint targets, monitor troop movements, and evaluate strike outcomes. Ukrainian authorities reported instances where intruders even adjusted camera angles for better views and streamed footage to platforms like YouTube for easier access. In response, Ukraine’s Intelligence Service disabled thousands of vulnerable internet-connected cameras to limit exploitation. On the flip side, Ukrainian operators have reportedly taken over Russian cameras to observe enemy positions and possibly guide their own operations, including one instance where footage of a destroyed Russian submarine in Sevastopol Bay appeared to come from a compromised device.

Even advanced militaries employ similar approaches. A Financial Times report described how Israeli forces, working with the CIA, gained access to nearly all traffic cameras in Tehran’s main streets to prepare an airstrike that eliminated Iran’s supreme leader, Ayatollah Ali Khamenei. Peter W. Singer, a military researcher at the New America Foundation, highlights the clear advantages of commandeering civilian camera networks since the opponent has already installed and positioned them across cities at no cost to the attacker. These ground perspectives remain stealthier than drones in contested airspace and offer angles impossible from overhead sources, making them ideal for detailed reconnaissance and post-strike evaluation.

The challenge lies in the accountability gap that keeps the problem persistent. As security researcher Beau Woods points out, neither the camera manufacturers nor the individual owners typically suffer direct harm from the surveillance, so the real victims lack control over the exploited tool. Manufacturers issue patches, but without widespread updates, vulnerabilities linger indefinitely. This dynamic ensures hacked cameras will remain a go-to resource in future conflicts, blending cyber tactics seamlessly with kinetic warfare.

What experiences have you had with securing internet-connected cameras, or how do you think this trend will evolve in ongoing and future conflicts? Share your thoughts in the comments.